an offer maker can provide only a fraction of the point tokens and gas grief all bidders
Summary
During the settling period the offer maker can provide only a fraction of the point tokens and do not deliver the promised points to all the bidders, who had bid for those points.
Vulnerability Details
-
Scenario:
1) Alice (offer maker) creates an ask offer for 1000 points
2) 10 other users bid for that offer with 100 points each3) Settle period starts
4) Alice callsDeliveryPlace.settleAskTaker()with 1 wei as _settledPoints value. As a result she transfers only 1 Point token to the Capital Pool and does not deliver the rest of the tokens.
5) Allice gets all her collateral back, even though she transfered 1 wei of Tokens
6) All user's who had bid do not get their Points tokens. They have lost money in paid protocol fees, tx fees etc.
The scenario is possible because the protocol returns all the collateral to Alice even with 1 wei token tranfer from her to the protocol
Code snippet
Here is where the issue occurs: https://github.com/Cyfrin/2024-08-tadle/blob/main/src/core/DeliveryPlace.sol#L400-L414
Impact
Lost of funds for the bidders from the protocol fees paid, also no actual Points received. The bidders need to withdraw all deposited assets, however the fees paid are lost, also loss of tx fees. Lost in protocol reputation
Tools Used
Recommendations
Return a proportional amount of the collateral to the offer maker, depending on what he/she transfered to the bidders in terms of points and what it was promised to all offer bidders.
Lead Judging Commences
[invalid] finding-DeliveryPlace-owner-do-not-call-settleAskMaker
Invalid, the makers are incentivized to settle offers to earn maker bonuses when subsequent takers and makers make trade using the original collateral put up for points as well as get back their initial collateral. Additionally, if they do not settle on time, they will lose all their initial collateral, forcing the `owner` to come in and perform the settlement and retrieving that collateral. This is noted as a design decision [here](https://tadle.gitbook.io/tadle/how-tadle-works/features-and-terminologies/settlement-and-collateral-rate) If all else fails, the `owner` can come in to settle as seen [here](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/DeliveryPlace.sol#L254-L256) and [here](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/DeliveryPlace.sol#L365-L367) offers to allow closing offers and subsequently allowing refunds. I acknowledge that perhaps a more decentralized
Appeal created
[invalid] finding-DeliveryPlace-owner-do-not-call-settleAskMaker
Invalid, the makers are incentivized to settle offers to earn maker bonuses when subsequent takers and makers make trade using the original collateral put up for points as well as get back their initial collateral. Additionally, if they do not settle on time, they will lose all their initial collateral, forcing the `owner` to come in and perform the settlement and retrieving that collateral. This is noted as a design decision [here](https://tadle.gitbook.io/tadle/how-tadle-works/features-and-terminologies/settlement-and-collateral-rate) If all else fails, the `owner` can come in to settle as seen [here](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/DeliveryPlace.sol#L254-L256) and [here](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/DeliveryPlace.sol#L365-L367) offers to allow closing offers and subsequently allowing refunds. I acknowledge that perhaps a more decentralized
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.